From: Anoop Saldanha <anoopsaldanha@gmail.com>
Date: Fri, 18 Oct 2013 10:33:16 +0000 (+0530)
Subject: Fix for #1003.
X-Git-Tag: suricata-2.0beta2~183
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=95ed53c590178b37c59974eceb61cb2b3f059923;p=thirdparty%2Fsuricata.git

Fix for #1003.

Now that we call stream reassembly directly from proto detection, we will
need to check if reassembly has been disabled inside the stream reassembly
callback.

This prevents any calls to bypass and re-enter proto detection, despite
having reassembly disabled.
---

diff --git a/src/stream-tcp-reassemble.c b/src/stream-tcp-reassemble.c
index 3c17ba6a8c..e2f84e8688 100644
--- a/src/stream-tcp-reassemble.c
+++ b/src/stream-tcp-reassemble.c
@@ -1856,6 +1856,14 @@ int StreamTcpReassembleInlineAppLayer(ThreadVars *tv,
 
     uint8_t flags = 0;
 
+    /* this function can be directly called by app layer protocol
+     * detection. */
+    if (stream->flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY) {
+        SCLogDebug("stream no reassembly flag set.  Mostly called via "
+                   "app proto detection.");
+        SCReturnInt(0);
+    }
+
     SCLogDebug("pcap_cnt %"PRIu64", len %u", p->pcap_cnt, p->payload_len);
 
     SCLogDebug("stream->seg_list %p", stream->seg_list);
@@ -2597,6 +2605,14 @@ int StreamTcpReassembleAppLayer (ThreadVars *tv, TcpReassemblyThreadCtx *ra_ctx,
 {
     SCEnter();
 
+    /* this function can be directly called by app layer protocol
+     * detection. */
+    if (stream->flags & STREAMTCP_STREAM_FLAG_NOREASSEMBLY) {
+        SCLogDebug("stream no reassembly flag set.  Mostly called via "
+                   "app proto detection.");
+        SCReturnInt(0);
+    }
+
     uint8_t flags = 0;
 
     SCLogDebug("stream->seg_list %p", stream->seg_list);